shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-09 20:32:04 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
4e00cc84f23d629915ee654e2413f28af2b9e02f
linux/net
History
Hanjie Lin 27a1861d28 RAVENPLAT 2381:OSS vulnerability found in [boot.img]:[linux_kernel] (CVE-2018-6555) Risk:[] [1/1] 
PD#OTT-5671

[Problem]
The irda_setsockopt function in net/irda/af_irda.c and later in
drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17
allows local users to cause a denial of service (ias_object
		use-after-free and system crash) or possibly have unspecified other
impact via an AF_IRDA socket.

[Solution]
The irda_setsockopt() function conditionally allocates memory for a new
self->ias_object or, in some cases, reuses the existing
self->ias_object. Existing objects were incorrectly reinserted into the
LM_IAS database which corrupted the doubly linked list used for the
hashbin implementation of the LM_IAS database. When combined with a
memory leak in irda_bind(), this issue could be leveraged to create a
use-after-free vulnerability in the hashbin list. This patch fixes the
issue by only inserting newly allocated objects into the database.

[Test]

Change-Id: Idbdc870be0064e331969b39a7b6e447c16a9073a
Signed-off-by: Hanjie Lin <hanjie.lin@amlogic.com>
2019-09-17 23:19:19 -07:00
..
6lowpan
9p
9p/trans_virtio: discard zero-length reply
2018-02-22 15:43:50 +01:00
802
8021q
vlan: also check phy_driver ts_info for vlan's real device
2018-04-13 19:48:34 +02:00
appletalk
atm
net: atm: Fix potential Spectre v1
2018-05-16 10:08:44 +02:00
ax25
ax25: Fix segfault after sock connection timeout
2017-02-04 09:47:09 +01:00
batman-adv
batman-adv: fix packet loss for broadcasted DHCP packets to a server
2018-05-30 07:50:38 +02:00
bluetooth
Merge tag 'v4.9.95' into android-4.9.95
2018-04-20 10:06:49 -07:00
bridge
Merge 4.9.113 into android-4.9
2018-07-17 12:36:18 +02:00
caif
net: caif: Fix a sleep-in-atomic bug in cfpkt_create_pfx
2017-07-05 14:40:14 +02:00
can
can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
2018-01-31 12:55:50 +01:00
ceph
libceph: validate con->state at the top of try_write()
2018-05-01 15:13:09 -07:00
core
Merge 4.9.108 into android-4.9
2018-06-13 16:37:10 +02:00
dcb
net: dcb: set error code on failures
2016-12-03 23:54:25 -05:00
dccp
Merge branch 'android-4.9' into amlogic-4.9-dev
2018-08-07 14:43:24 +08:00
decnet
dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
2018-02-25 11:05:44 +01:00
dns_resolver
Merge 4.9.97 into android-4.9
2018-04-30 06:05:25 -07:00
dsa
net: dsa: select NET_SWITCHDEV
2017-11-15 15:53:17 +01:00
ethernet
net: introduce device min_header_len
2017-02-18 15:11:43 +01:00
hsr
hsr: fix incorrect warning
2018-04-13 19:48:29 +02:00
ieee802154
net: ieee802154: fix net_device reference release too early
2018-04-13 19:48:04 +02:00
ipv4
RAVENPLAT-2379:OSS vulnerability found in [boot.img]:[linux_kernel] (CVE-2018-5390) Risk:[] [1/1]
2019-09-17 23:17:53 -07:00
ipv6
Merge 4.9.113 into android-4.9
2018-07-17 12:36:18 +02:00
ipx
ipx: call ipxitf_put() in ioctl error path
2017-05-25 15:44:41 +02:00
irda
RAVENPLAT 2381:OSS vulnerability found in [boot.img]:[linux_kernel] (CVE-2018-6555) Risk:[] [1/1]
2019-09-17 23:19:19 -07:00
iucv
net/iucv: Free memory obtained by kzalloc
2018-03-31 18:11:34 +02:00
kcm
kcm: Fix use-after-free caused by clonned sockets
2018-06-13 16:16:42 +02:00
key
af_key: Always verify length of provided sadb_key
2018-06-16 09:52:32 +02:00
l2tp
RAVENPLAT 2378:OSS vulnerability found in [boot.img]:[linux_kernel] (CVE-2018-9517) Risk:[] [1/1]
2019-09-17 23:18:19 -07:00
l3mdev
lapb
llc
llc: properly handle dev_queue_xmit() return value
2018-05-30 07:50:39 +02:00
mac80211
Merge branch 'android-4.9' into amlogic-4.9-dev
2018-08-07 14:43:24 +08:00
mac802154
mpls
mpls, nospec: Sanitize array index in mpls_label_ok()
2018-03-11 16:21:34 +01:00
ncsi
net/ncsi: Improve HNCDSC AEN handler
2016-10-20 11:23:08 -04:00
netfilter
Merge 4.9.113 into android-4.9
2018-07-17 12:36:18 +02:00
netlabel
netlabel: If PF_INET6, check sk_buff ip header version
2018-05-30 07:50:51 +02:00
netlink
netlink: fix uninit-value in netlink_sendmsg
2018-05-16 10:08:40 +02:00
netrom
nfc
Merge 4.9.104 into android-4.9
2018-05-30 13:19:56 +02:00
openvswitch
openvswitch: Remove padding from packet before L3+ conntrack processing
2018-05-30 07:50:23 +02:00
packet
packet: fix reserve calculation
2018-06-13 16:16:42 +02:00
phonet
qrtr
qrtr: add MODULE_ALIAS macro to smd
2018-05-30 07:50:32 +02:00
rds
RDS: IB: Fix null pointer issue
2018-05-30 07:50:25 +02:00
rfkill
Merge 4.9.100 into android-4.9
2018-05-16 11:39:34 +02:00
rose
rxrpc
rxrpc: Don't treat call aborts as conn aborts
2018-05-30 07:50:42 +02:00
sched
net/sched: act_simple: fix parsing of TCA_DEF_DATA
2018-06-26 08:08:06 +08:00
sctp
sctp: not allow transport timeout value less than HZ/5 for hb_timer
2018-06-13 16:16:43 +02:00
strparser
strparser: Fix incorrect strp->need_bytes value.
2018-04-29 11:32:02 +02:00
sunrpc
Merge 4.9.96 into android-4.9
2018-04-24 11:26:46 +02:00
switchdev
switchdev: Execute bridge ndos only for bridge ports
2016-10-19 10:58:04 -04:00
tipc
tipc: add policy for TIPC_NLA_NET_ADDR
2018-04-29 11:32:01 +02:00
unix
build: fix build err [1/1]
2019-01-15 18:51:25 -08:00
vmw_vsock
vsock: cancel packets when failing to connect
2017-12-25 14:23:38 +01:00
wimax
wireless
Merge branch 'android-4.9' into amlogic-4.9-dev
2018-08-07 14:43:24 +08:00
x25
net: x25: fix one potential use-after-free issue
2018-04-13 19:48:00 +02:00
xfrm
Merge branch 'android-4.9' into amlogic-4.9-dev
2018-08-07 14:43:24 +08:00
compat.c
net: support compat 64-bit time in {s,g}etsockopt
2018-05-19 10:26:58 +02:00
Kconfig
add support for clang Control Flow Integrity (CFI)
2018-02-28 15:09:58 -08:00
Makefile
socket.c
Merge 4.9.79 into android-4.9
2018-01-31 14:13:00 +01:00
sysctl_net.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2016-10-06 09:52:23 -07:00